<?php
$page_title = "Login - fifaonline.ro";
include_once("top.php");
?>
<center><p class="text1">Login</p>
<?php

if(isset($_POST['submitted']))
{
	require_once('/includes/mysql_connect.php');
	if(!empty($_POST['identitate']))
	{
		$id = trim($_POST['identitate']);
	}
	else
	{
		echo "<font color = 'red'>You forgot to enter your ID.</font><br>";
		$id = FALSE;
	}
	
	if(!empty($_POST['password']))
	{
		$password = trim($_POST['password']);
		
	}
	else
	{
		echo "<font color = 'red'>You forgot to enter your password.</font><br>";
		$password = FALSE;
	}
	
	if ($id && $password)
	{
		$query = "SELECT admin_id, identitate FROM admin WHERE (identitate = '$id' AND password = SHA('$password'))";
		$result = mysql_query($query) or trigger_error("Query: $query\n <br> MySQL Error: " . mysql_error());
		
		if(@mysql_num_rows($result) == 1)
		{
			$row = mysql_fetch_array($result, MYSQL_NUM);
			mysql_free_result($result);
			mysql_close();
			
			
			$_SESSION['identitate'] = $row[1];
			$_SESSION['admin_id'] = $row[0];
			
			echo "<p>Welcome $id. Click the link below to manage the page.<br>";
			echo "<a href='manage.php'>Manage Page</a><br>";
			echo "<a href='quotes.php'>Quotes</a></br>";
			echo "<a href='poll_create.php'>Poll</a></br>";
			echo "<a href='logout.php'>Logout</a>";
		}
		else
		{
			echo "<font color = 'red'>Invalid username or password</font><br>";
		}
	}
}

?>

<br />
<br />
<br />
<form method="post" action="login.php">
<p class="text1">ID: </p><input type="text" name="identitate" />
<p class="text1">Password: </p><input type="password" name="password" />
<br><input type="submit" name="submit" value="Login"/>
<input type="hidden" name="submitted" value="TRUE" />
</form></center>
<br />
<br />
<br />
<?php
include_once("end.php");
?>